Full-stack developer - passionate about building high-impact tools for the developer community and making enterprise-grade protection accessible to every developer, regardless of budget
Great question! Jimpl is excellent for EXIF/metadata removal, but it addresses only one layer of the threat surface. Here's why I built something different:
What metadata stripping does:
✅ Removes EXIF (GPS, camera info, timestamps)
❌ Leaves the original container structure intact
❌ Doesn't touch pixel data
What survives metadata stripping:
Steganographic payloads — data hidden within pixel values (invisible to the eye, survives any metadata scrub)
Polyglot files — files that are valid as both image AND executable (container structure matters)
Image bombs — malformed containers designed to crash processors (1x50000 pixel attacks)
Parser exploits — malicious structures in PNG chunks, JPEG APP segments, etc.
What CDR (Content Disarm & Reconstruction) does differently:
Decode the image to raw pixels only
Completely discard the original container
Rebuild a sterile PNG from scratch
The original file is literally destroyed. If it's not visible pixel data, it doesn't survive. This is the same approach used in military/government systems for handling untrusted files.
Use cases where CDR matters:
SaaS platforms with user-uploaded images (compliance, liability)
Any pipeline where images come from untrusted sources
Jimpl is great for personal privacy (sharing vacation photos).
For production systems handling untrusted uploads at scale, CDR provides defense-in-depth that metadata stripping simply can't. Try it at How to Test Image Rebuilding API: A Step-by-Step Guide
Happy to dive deeper if you're curious about specific attack vectors!
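The decode, discard, rebuild steps listed in the comment above, as an added example that is not part of the original post or the commenter's tool: standard-library Python that accepts only 8-bit RGB non-interlaced PNG, rejects anything else, and writes a new file containing nothing but IHDR, IDAT and IEND. `MAX_PIXELS` and `SAMPLE` are assumptions constructed here; pixel values pass through unchanged, so this shows the container being discarded, not any change to the pixels.

```python
import struct
import zlib
SIG, BPP = b"\x89PNG\r\n\x1a\n", 3
MAX_PIXELS = 64_000_000  # assumed cap, enforced before any pixel is decoded

def chunk(kind, data):
    return struct.pack(">I", len(data)) + kind + data + struct.pack(">I", zlib.crc32(kind + data))

def decode(blob):  # returns (width, height, raw RGB bytes); anything unexpected raises
    if blob[:8] != SIG:
        raise ValueError("not a PNG")
    pos, idat, hdr = 8, b"", None
    while pos + 8 <= len(blob):
        n, kind = struct.unpack(">I4s", blob[pos:pos + 8])
        if kind == b"IHDR":
            hdr = struct.unpack(">IIBBBBB", blob[pos + 8:pos + 8 + n])
        elif kind == b"IDAT":
            idat += blob[pos + 8:pos + 8 + n]
        elif kind == b"IEND":
            break  # other chunks and bytes after IEND are never read
        pos += 12 + n
    if hdr is None or hdr[2:] != (8, 2, 0, 0, 0) or not 0 < hdr[0] * hdr[1] <= MAX_PIXELS:
        raise ValueError("unsupported variant or dimensions out of bounds")
    w, h = hdr[:2]
    size = w * BPP + 1  # one filter byte per row
    raw = zlib.decompressobj().decompress(idat, h * size)  # bounded inflate
    if len(raw) != h * size:
        raise ValueError("pixel data does not match header")
    out, prev = bytearray(), bytes(size - 1)
    for y in range(h):
        ft, cur = raw[y * size], bytearray(raw[y * size + 1:(y + 1) * size])
        for i in range(size - 1):  # undo the row filter; ft > 4 raises IndexError
            a, b, c = (cur[i - BPP], prev[i], prev[i - BPP]) if i >= BPP else (0, prev[i], 0)
            pa, pb, pc = abs(b - c), abs(a - c), abs(a + b - 2 * c)
            paeth = a if pa <= pb and pa <= pc else b if pb <= pc else c
            cur[i] = (cur[i] + (0, a, b, (a + b) // 2, paeth)[ft]) & 255
        out += cur
        prev = cur
    return w, h, bytes(out)

def rebuild(blob):  # CDR step: only decoded pixels reach the new IHDR/IDAT/IEND file
    w, h, px = decode(blob)
    rows = b"".join(b"\0" + px[y * w * BPP:(y + 1) * w * BPP] for y in range(h))
    ihdr = struct.pack(">IIBBBBB", w, h, 8, 2, 0, 0, 0)
    return SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b"")

# Constructed sample: 2x2 RGB PNG with a tEXt chunk and bytes appended after IEND.
SAMPLE = (SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 2, 2, 8, 2, 0, 0, 0)) + chunk(b"tEXt", b"Comment\0hidden")
          + chunk(b"IDAT", zlib.compress(bytes([0, 255, 0, 0, 0, 255, 0, 1, 0, 0, 255, 255, 255, 0])))
          + chunk(b"IEND", b"") + b"TRAILING-DATA")
```

`rebuild(SAMPLE)` returns a PNG with the same four pixels and neither the text chunk nor the appended bytes.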
You're right and it's clear who's the expert here! :)